Thanks for the feedback – now I know where to look for the date on your articles.

Anyone who can read, can read ‘About the Author’ and ‘About this Blog’ at the top of every page on the right side… .oO(In fact Brian is the illegitimate son of Warren Buffett and William ‘Bill’ Henry Gates III by gene manipulation. But this is top secret! He was later adopted by some russian botherders. )

??? Program? Buggy? Really?? I haven’t read such ignorance in a while….must be a newbie.

“If you don’t need Java, uninstall it from your system. This program is extremely buggy, and Oracle tends to take its time with security updates, behaving as if it didn’t have hundreds of millions of individual users. “

This entry was posted on Thursday, August 30th, 2012 at 5:07 pm and is filed under Latest Warnings, Security Tools, Time to Patch.

Would it be possible to date your posts? I find it disconcerting when I access your website articles via RSS and have to look at the comment dates to determine when you posted an article such as this one (possibly Friday August 31, 2012) to determine which release of Java you mean – last Thursday’s (with a fatal flaw subsequently founded), or a fix to the current problems.

Tom (dated Sept 4, 2012 ~ 4:42PM)

For novices, here’s a really useful explanation by Leo Notenboom of “How do Java and Javascript relate to each other?”

http://ask-leo.com/how_do_java_and_javascript_relate_to_each_other.html

(Notenboom concludes with:

Java & JavaScript: Should you or shouldn’t you?

Given the current application and security landscape, I’ll make the following recommendations:

Javascript: In general, leave Javascript enabled and stay away from questionable sites. The practical fact is that many, many websites simply will not work if Javascript is disabled. If you are concerned, then the only true solution is to use Firefox with the NoScript add-on to allow selective choice of which websites are allowed to use Javascript. Similar-sounding add-ons for Chrome apparently don’t work reliably and give a false sense of security. Managing this through IE’s security zones is a confusing nightmare.

Java: Uninstall Java unless you’re certain you need it. It’s not at all uncommon to end up with Java installed because of a website you visited only once. Uninstall it, and if something you care about breaks, re-install it. In this case, some security-minded folks recommend [e.g., Brian Krebs!] having it enabled in only one browser that you don’t use regularly and explicitly disabling it in the browser you use day-to-day.

As for me, I just uninstalled Java. I know of only one program that I use that may eventually require it. Until then, I’ll run without.)

I first learned of the two-browser technique from Brian Kreb’s
http://krebsonsecurity.com/2012/08/security-fix-for-critical-java-flaw-released/
“…If you don’t need Java, uninstall it from your system. This program is extremely buggy, and Oracle tends to take its time with security updates, behaving as if it didn’t have hundreds of millions of individual users. If you decide later that you do need Java, you can always reinstall the program. If you still want to keep Java, but only need it for specific Web sites, you can still dramatically reduce the risk from Java attacks just by disabling the plugin in your Web browser. In this case, I would suggest updating to the latest version and then adopting a two-browser approach. If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox, and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site that requires it.”

According to the Pastebin post, the file was originally taken from a Dell Vostro laptop … the attackers reportedly used a vulnerability in Java to gain access to the machine.

#NOSCRIPT